CVE-2024-5182

Name: CVE-2024-5182
Creator: NVD / NIST
Published: 2024-06-20T00:15:09.487+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.1/10EPSS 25.54%

Last modified Jun 17, 2026

CVE-2024-5182 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. EPSS estimates a 25.54% chance of exploitation in the next 30 days.

Description

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.

Metrics

CVSS 3.1

9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS Probability

25.54%

97.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Mudler	Localai	< 2.16.0

References

https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0ePatch
https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545Exploit, Issue Tracking, Patch
https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0ePatch
https://huntr.com/bounties/f7a87f29-c22a-48e8-9fce-b6d5a273e545Exploit, Issue Tracking, Patch

Timeline

Published: Jun 20, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2024-5182?

How severe is CVE-2024-5182?

CVE-2024-5182 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 25.54% probability of exploitation in the next 30 days.

How do I fix CVE-2024-5182?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2024-5182?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST